2012/9/23 Eliezer Croitoru <eliezer_at_ngtech.co.il>:
> On 9/23/2012 3:52 PM, E.S. Rosenberg wrote:
>>
>> 1. Can (potentially) reloading squid (service squid3 reload or
>> /etc/init.d/squid3 reload) this often have a negative impact? or bad
>> side effects?
>> 2. Such reloads according to my logic would have to be coordinated
>> between all processes that may be editing acls, correct?
>
> Hey Eliyahu,
>
> Reloading every 5 minutes is a very BAD idea.
> It can cause slowdowns and other stuff to respond bad.
>
> I remember your code in PHP?
>
> Instead of writing ACLs into squid.conf and included files it will be better
> to use an EXTERNAL_ACL that can be updated automaticly and do not be needed
> to restart.
>
> what kind of ACLs are you talking about exactly?
Lists of users, users that browse through ISP A, and users that browse
thought ISP B, users that are blocked etc.
> think in mind that you can write you own settings file\db and to work with.
>
> if it's LDAP\mysql\RADUIS It can be done easily.
The info on which ISP a user is supposed to use at the moment is
"partially" in LDAP (ie. determined by location in tree or membership
of a unix group, I'd like to change it to being an attribute for each
user).
We also have a RADIUS server which basically acts as a frontend to
LDAP for some RADIUS based products, it seems that leveraging RADIUS
would provide other advantages if I also leverage the reporting
feature to count users' traffic....
Thanks,
Eli
>
> I have just worked on a framework of EXTERNAL_ACL that allows you high
> concurrency and working with DB and what ever needed to check ACLS.
>
> If you have more specific data on the ACLs I will be happy to look at it and
> see if there is a simple way for my framework to give you what you need.
>
> Eliezer
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
Received on Thu Sep 27 2012 - 15:25:57 MDT
This archive was generated by hypermail 2.2.0 : Sun Sep 30 2012 - 12:00:15 MDT